I am trying to install UFs on a number of hosts using the below script got from one of the post in this forum,
#!/bin/sh
# This EXAMPLE script shows how to deploy the Splunk universal forwarder
# to many remote hosts via ssh and common Unix commands.
# For "real" use, this script needs ERROR DETECTION AND LOGGING!!
# --Variables that you must set -----
# Set username using by splunkd to run.
SPLUNK_RUN_USER="splunk"
# Populate this file with a list of hosts that this script should install to,
# with one host per line. This must be specified in the form that should
# be used for the ssh login, ie. username@host
#
# Example file contents:
# splunkuser@10.20.13.4
# splunkker@10.20.13.5
HOSTS_FILE="uf_hosts"
# This should be a WGET command that was *carefully* copied from splunk.com!!
# Sign into splunk.com and go to the download page, then look for the wget
# link near the top of the page (once you have selected your platform)
# copy and paste your wget command between the ""
WGET_INSTALL="sudo yum -y install wget"
WGET_CMD="wget -O splunkforwarder-7.2.4-8a94541dcfac-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.2.4&product=universalforwarder&filename=splunkforwarder-7.2.4-8a94541dcfac-Linux-x86_64.tgz&wget=true'"
# Set the install file name to the name of the file that wget downloads
# (the second argument to wget)
INSTALL_FILE="splunkforwarder-7.2.4-8a94541dcfac-Linux-x86_64.tgz"
# After installation, the forwarder will become a deployment client of this
# host. Specify the host and management (not web) port of the deployment server
# that will be managing these forwarder instances.
# Example 1.2.3.4:8089
DEPLOY_SERVER="18.207.205.49:8089"
# Set the seed app folder name for deploymentclien.conf
DEPLOY_APP_FOLDER_NAME="ap3_all_deploymentclient"
# Set the new Splunk admin password
PASSWORD="QzpU9l8T"
REMOTE_SCRIPT_DEPLOY="
cd /opt
sudo $WGET_INSTALL
sudo $WGET_CMD
sudo tar xvzf $INSTALL_FILE
sudo rm $INSTALL_FILE
sudo useradd $SPLUNK_RUN_USER
echo "
[user_info]
USERNAME = admin
PASSWORD = $PASSWORD
" > /opt/splunk/etc/system/local/user-seed.conf
sudo mkdir -p /opt/splunkforwarder/etc/apps/$DEPLOY_APP_FOLDER_NAME/local
sudo echo "[target-broker:deploymentServer] targetUri = $DEPLOY_SERVER" > /opt/splunkforwarder/etc/apps/$DEPLOY_APP_FOLDER_NAME/local/deploymentclient.conf
sudo chown -R $SPLUNK_RUN_USER:$SPLUNK_RUN_USER /opt/splunkforwarder
sudo -u $SPLUNK_RUN_USER /opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
sudo /opt/splunkforwarder/bin/splunk enable boot-start -user $SPLUNK_RUN_USER
exit
"
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
#===============================================================================================
echo "In 5 seconds, will run the following script on each remote host:"
echo
echo "===================="
echo "$REMOTE_SCRIPT_DEPLOY"
echo "===================="
echo
sleep 5
echo "Reading host logins from $HOSTS_FILE"
echo
echo "Starting."
for DST in `cat "$DIR/$HOSTS_FILE"`; do
if [ -z "$DST" ]; then
continue;
fi
echo "---------------------------"
echo "Installing to $DST"
echo "Initial UF deployment"
sudo ssh -t "$DST" "$REMOTE_SCRIPT_DEPLOY"
done
echo "---------------------------"
echo "Done"
echo "Please use the following app folder name to override deploymentclient.conf options: $DEPLOY_APP_FOLDER_NAME"
After executing the script, I am getting the below error in the logs,
bash: line 7: /opt/splunkforwarder/etc/system/local/user-seed.conf: Permission denied
bash: line 9: /opt/splunkforwarder/etc/apps/ap3_all_deploymentclient/local/deploymentclient.conf: Permission denied
Already executing those commands as a sudo user, still I am getting the errors. Please advise.
↧